Skip to main content

Understand SCIM

System for Cross-domain Identity Management (SCIM) is an open standard that automates the exchange of user identity information between identity providers (IdPs) and service providers (SPs), such as SixMap. SCIM works in conjunction with Single Sign-On (SSO) to streamline user lifecycle management, making it easier to manage user identities across different systems.

While SSO enables users to log in to multiple applications with a single set of credentials, SCIM automates the provisioning and management of those user accounts. SCIM complements SSO by handling the creation, modification, and deactivation of user identities, while SSO handles the authentication process.

tip

To manage SCIM, you must have the Admin role.

How SCIM works

  1. After your organization adds a new user to the IdP, SCIM automatically provisions a corresponding user account in SixMap. This ensures that the user is set up in SixMap before they even attempt to log in.
  2. The user attempts to log in to SixMap via SSO and SixMap redirects them to the IdP where they authenticate using their credentials.
  3. SixMap uses the information from the SSO process (and potentially SCIM) to identify and validate the user.
    info

    If your organization uses JIT provisioning and the user was not added to the IdP before attempting to log in, SixMap creates an account during the user's first-time SSO login attempt. For more information, see JIT provisioning and SCIM.

  4. After successfully authenticating and validating, SixMap grants the user access to the SixMap app.
  5. When a user leaves and your organization de-provisions them in the IdP, SCIM automatically de-provisions the user's account in SixMap, revoking their access.